Comments:
<0> you have a lot of traffic probably
<1> 2 ksoftirqd_CPU0
<1> it's first
<0> but still, it wouldn't eat 100 CPU
<0> not 5000
<1> sergiu: Total 1.83MiB 3.10K 3.08MiB 3.37K
<1> like 5 megs of traffic and like 7k conn
<0> tcpdump in a file and take a look
<1> sergiu25 all those interrupts are because of my 5k rule firewall
<0> what config is your box?
<1> sempron 2800
<1> with 1 gig ram
<0> that should handle a lot more
<1> i know
<0> ok
<1> i told the guys earlier
<0> iptables -F flush
<1> i had a celeron 333 with much more rules in it
<0> and check it again
<1> no
<1> i would lose my ip acc
<1> anyway
<1> if i would do that
<0> paste the firewall lines
<1> everything is back to normal
<0> u under NATA?
<0> NAT
<1> NATA ?
<1> yes
<0> i see
<1> like 80%
<0> paste the firewall lines
<1> of my IPs are private
<1> ..well.. simple ip acc in FORWARD and MARKs in mangle for limiting purpose
<1> a few SNATs and DNATs
<1> w8
<1> a sec
<1> -A ipaccCH -d 192.168.xxx -j ACCEPT - forward
<0> still, what could he write in that firewall, that would eat 100% of CPU
<1> -A syn-flood -m limit --limit 1/sec --limit-burst 4 -j RETURN
<1> -A POSTROUTING -s 192.168.39.2 -j MARK --set-mark 0xb
<1> -A POSTROUTING -s 192.168.39.2 -j RETURN
<1> a few port DROPs
<1> and that's all
<0> comment the syn-flood line
<0> and try again
<1> not very complex firewall
<1> hmm..
<1> i'll try..but under this load i think it would take me a while
<1> heh..viva iptables-restore :D
<1> under heavy load just 3 sec for 5k rules :D
<0> what distro are you using
<1> slack 10.1 now
<1> i had same firewall under FC3
<0> and it worked without problems?
<1> nope..same pb
<0> ok
<0> so?
<1> that's why i changed..i thought maybe slack would help but..no luck
<0> how is it? without the syn line
<1> ..well cant tell really..seems no difference
<1> traffic dropped suddenly
<1> Total 1.19MiB 2.14K 1.79MiB 2.31K
<1> Cpu(s): 0.0% user, 33.7% system, 0.0% nice, 66.3% idle
<1> anyway..syn line isnt helping much so i can "give it up"
<0> give me a vmstat report again
<0> how are the faults in?
<1> procs -----------memory---------- ---swap-- -----io---- --system-- ----cpu----
<1> 1 0 0 558648 117460 80384 0 0 0 0 6169 52 0 70 30 0
<1> also big
<0> how many users do you have?
<1> many :D
<0> that make traffic right now
<1> let me see
<1> not many.. like 200
<2> duh..
<0> ok, some advice. Close the 135,136,137,138,139 and 445 dst ports
<1> they are closed
<1> :)
<0> it's possible to have many infected machines in your network
<1> first ports i close in forward
<1> neah.. just clean them
<3> LD: vmstat 1 2 | tail -1
<1> i posted virus warnings
<1> 0 0 0 558544 117460 80384 0 0 0 0 1841 42 0 26 74 0
<3> Hm. Few interrupts.
<1> with ":cures"
<1> yes..fewer
<3> You probably need to cut back on your netfilter rules.
<0> lol
<1> traffic also dropped
<0> last time he had 6000 inter.
<1> gcbirzan i'm doing that constantly
<3> How many do you have?
<1> how many what ?
<0> chicken :))
<3> netfilter rules.
<1> ..well.. now only 3.8k
<3> Heh.
<4> msn file transfer is not working on client pc | i google a lot but i got the port number but main problem is that i cannot send a file from linux client to anybody that is a part of my msn messenger
<3> What the heck are you using them for?
<1> ip acc and limiting of private cl***
<1> :)
<1> gimme some alternatives
<1> ...dont tell me ipfm
<3> a) Use something else for accounting, netflows? Maybe on a separate machine. b) Don't do NAT.
<3> If you have to use private IPs, map them to public IPs 1:1. So you can use iproute NAT.
<3> Connection tracking == bad.
<4> gcbirzan so how to connection tracking them ?
<1> gcbirzan i agree.. but under my circumstances believe me i cant do that.. what i can do is to drop the limiting of the output
<3> lolena1: You don't.
<3> LD: Get more IPs.
<3> NAT is overrated.
<0> not true
<1> yeah thats another solution i'm working on..
<1> but its taking a lot more than I anticipated
<1> ripe stuff
<0> i have 150 pc's nat'd by a xp 1700+
<1> sergiu..how many rules in firewall ?
<3> LD: A friend of mine used www.jump.ro and was quite satisfied.
<0> i have about 7000 inter, and 30-40% system load
<1> same i use :)
<1> v interesting
<1> htb also ?
<0> i prefer nat for many reasons
<3> sergiu25: Such as?
<0> no, FreeBSD
<0> control gcbirzan
<0> these guys make a lot of useless traffic
<3> sergiu25: Firewall them.
<0> i did
<3> No need for NAT.
<0> but v. needed for protection
<0> and of course lower costs
<0> why buy IP's
<3> You don't 'buy' IPs. :-)
<0> really
<1> just rent them
<1> :)
<0> :P
<1> an ip ADDRESS doesnt have a value... but for that ip to be routed that implies work.. which is paid..:D
<0> anyways, that sempron 2800 of yours should do even a cs server under these circumstances
<3> First thing you should do is get rid of the accounting stuff.
<1> sergiu25.. what do you use for accounting
<1> ?
<0> what do you mean by accounting?
<1> ip traffic per IP
<1> traffic per IP
<0> cc
<1> cc ?
<0> yeah